Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.

Published byMalcolm Perry Modified over 8 years ago

Similar presentations

Presentation on theme: "Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU."— Presentation transcript:

1 Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU

2 Motives Software cracking is a serious threat to many in the software industry. Attackers can insert an unconditional jump to overpass the serial number checker. How to protect important segment of code has became an issue.

3 The Guarding Framework: Types of guard Guard: a piece of code responsible for performing certain security-related actions during program execution. Checksum code: Checksum another piece of program code at runtime and verify its integrity Repair code: Restore a piece of damaged code to its original form before it is executed or used.

4 The Guarding Framework: Guard Graph

5 The Guarding Framework: Features Distributed-ness Multiplicity Dynamism Scalability

6 The Guarding Framework: System Guard template Binary manipulation Logical boundary between the data and executable code should be blurred. Obfuscate guard code

7 The Guarding Framework: Template Example

8 Conclusion Distributed protection Various protection schemes Configurable tamper-resistance

9 Reference Protecting Software Codes By Guards Hoi Chang, Mikhail J. Atallah Center for Education and Research in Information Assurance and Security & Arxan Technologies PC Assembly Language (NASM) Paul A. Carter

10 Software Watermarking: Models and Dynamic Embeddings The George Washington University CS297 YU-HAO HU

11 Types of Attacks to Watermarking System Subtractive attack: attackers can crop out watermarks. Distortive attack: attackers can twist watermarks. Additive attack: attackers can override watermarks.

12 Fingerprinting System Similar to watermarking system except it gives different secret messages to different receivers. Vulnerable to collusive attack. Attackers can locate the secret messages by comparing different copies of messages.

13 Types of Watermarks: Static Watermarks Data Watermark  Ex. string C = “Copyright…”. Code Watermark  Ex. Additional data stored in an object or wherever in the code. Easy to be destroyed by optimization techniques.

14 Types of Watermarks: Dynamic Watermarks Easter Eggs Dynamic Data Structure  Embedded within the state of a program and showed with a particular input. Dynamic Execution Trace  It is extracted by monitoring a special sequence of operations

15 Dynamic Graph Watermarking: Central Ideas Use the topology of a graph to represent watermark. Graph is dynamically built in the heap. Examine the runtime object heap with the special input sequence.

16 Dynamic Graph Watermarking: Embedding Watermarks Pick number P & Q, n = P * Q Represent n as a graph Program W could build graph.

17 Dynamic Graph Watermarking : Embedding Watermarks Embed W into original program Add temper-proofing Obfuscation

18 Dynamic Graph Watermarking : Embedding Watermarks Remove recognizer to be product version

19 Dynamic Graph Watermarking: Verifying Watermarks Links recognizer with the product Gives special input set I and gets the number n Factoring n to get P and Q

20 Obfuscation Techniques: Loop i = 1; while ( i< 100){ … i += 1; … }

21 Obfuscation Techniques: Loop i = 1, j = 100; while ( (i< 100)&&((i+j)!=-1)){ … i += 1; j = (j*100)%50; … }

22 Obfuscation Techniques: Class Inheritance Class One Class A Class Z

23 Obfuscation Techniques: Class Inheritance Class One Class A Class Z Class AA Interface A

24 Dynamic Graph Watermarking: Conclusion Resistant to optimization, obfuscation transformation because they don’t affect heap allocation. Using reflection to prevent renaming or reordering graph nodes Constantly checking graph to ensure the graph is not cropped out.

25 References Software Watermarking: Models and Dynamic Embeddings Christian Collberg, Clark Thomborson Software Watermarking: Models and Dynamic Embeddings Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs Christian Collberg, Clark Thomborson, Douglas Low Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs Breaking Abstractions and Unstructuring Data Structures Christian Collberg, Clark Thomborson, Douglas Low Breaking Abstractions and Unstructuring Data Structures

Download ppt "Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU."

Similar presentations

Spatial Domain Image Watermarking Robust against Compression, Filtering, Cropping and Scaling By Sebé, Domingo-Ferrer, Herrera Information Security Dec.

Spatial Domain Image Watermarking Robust against Compression, Filtering, Cropping and Scaling By Sebé, Domingo-Ferrer, Herrera Information Security Dec.
Protecting Software Code By Guards - by Hoi Chang and Mikhail J. Atallah “Many software-based mechanisms for protecting program code are too weak[…] or.

Protecting Software Code By Guards - by Hoi Chang and Mikhail J. Atallah “Many software-based mechanisms for protecting program code are too weak[…] or.
H12.1 15-Mar-01 Clark Thomborson Software Security CompSci 725 Handout 12: Student Presentations, Watermarking & Obfuscation Clark Thomborson University.

H Mar-01 Clark Thomborson Software Security CompSci 725 Handout 12: Student Presentations, Watermarking & Obfuscation Clark Thomborson University.
Techniques for Software Watermarking and Fingerprinting Prof. Clark Thomborson Presentation at Tsinghua University 17 th March 2010.

Techniques for Software Watermarking and Fingerprinting Prof. Clark Thomborson Presentation at Tsinghua University 17 th March 2010.
Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.
Steganography and Watermarks Trust and Reputation.

Steganography and Watermarks Trust and Reputation.
Information Hiding: Watermarking and Steganography

Information Hiding: Watermarking and Steganography
Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.

Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.

A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.
IBinHunt: Binary Hunting with Inter-Procedural Control Flow Jiang Ming, Meng Pan, and Debin Gao College of Information Sciences and Technology, Penn State.

IBinHunt: Binary Hunting with Inter-Procedural Control Flow Jiang Ming, Meng Pan, and Debin Gao College of Information Sciences and Technology, Penn State.
1 A Functional Taxonomy for Software Watermarking Jas Nagra, Clark Thomborson University of Auckland Christian Collberg University of Arizona.

1 A Functional Taxonomy for Software Watermarking Jas Nagra, Clark Thomborson University of Auckland Christian Collberg University of Arizona.
Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:

Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.

.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.
18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.

LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.
Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.

Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.
Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,

Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,

Similar presentations

Ads by Google